dm.cgi - Dark Mailer program

Discussion in 'E-mail Discussions' started by handsonhosting, Jun 20, 2007.

  1. handsonhosting

    Hey Folks,

    Over the past 3 days we've been hit pretty hard with a dm.cgi script running on servers. It's not just one or two servers with the program running, but so far we've counted 10 servers that have had the script running.

    The dm.cgi file is a program that sends out mass mail (Dark Mailer). As a result, we would likely end up on a black list quickly if we were not on top of it as we are currently.

    I've searched Google, and while I find lots of places that offer it to download, there's no real documentation that I can find. I know that it uses a direct SMTP connection, thus bypassing rules etc., so I'm looking to find out if anyone has had experience with it and successfully blocked it on their servers (other than using mod_security).

    Any help would be appreciated.
     
  2. ramprage

    Shoot me an email or PM, I have something that can help
     
  3. handsonhosting

    Thanks in advance,

    Message sent to PM.
     
  4. lloyd_tennison

    I believe chirpy's firewall can do it.

    See:

    # Block outgoing SMTP except for root, exim and mailman (forces scripts/users
    # to use the exim/sendmail binary instead of sockets access). This adds the
    # protection as WHM > Tweak Settings > SMTP Tweaks, which are lost when using a
    # firewall configuration script

    and

    # If SMTP_BLOCK is enabled but you want to allow local connections to port 25
    # on the server (e.g. for web scripts) then enable this option too
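
Added example, not part of the original thread and not CSF's own code: a way to spot the behaviour discussed above (a script opening its own socket to a remote port 25 instead of handing mail to exim) by reading the kernel's `/proc/net/tcp` table. The sample table, the UIDs (47 for exim, 41 for mailman, 32015 for a hosting account) and the function names are constructed assumptions.

```python
import socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Addresses are little-endian hex as on x86; the 8th column is the owning UID.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:C350 0A7100CB:0019 01 00000000:00000000 00:00000000 00000000    47        0 1002 1
   2: 0A00000A:C351 147100CB:0019 01 00000000:00000000 00:00000000 00000000 32015        0 1003 1
   3: 0100007F:C352 0100007F:0019 01 00000000:00000000 00:00000000 00000000 32015        0 1004 1
   4: 0A00000A:C353 1E7100CB:01BB 01 00000000:00000000 00:00000000 00000000 32015        0 1005 1
   5: 0A00000A:C354 1E7100CB:0019 02 00000000:00000000 00:00000000 00000000 32015        0 1006 1
"""

STATES = {"01": "ESTABLISHED", "02": "SYN_SENT"}  # outbound, live or still connecting


def decode(addr):
    """Turn 'HEXIP:HEXPORT' from /proc/net/tcp into (dotted IPv4, port)."""
    host, port = addr.split(":")
    return socket.inet_ntoa(bytes.fromhex(host)[::-1]), int(port, 16)


def direct_smtp(table, allowed_uids, allow_local=True, smtp_port=25):
    """Return (uid, remote_ip, state) for SMTP sockets owned by non-mail users."""
    hits = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] not in STATES:    # ignore LISTEN, TIME_WAIT, etc.
            continue
        ip, port = decode(f[2])
        uid = int(f[7])
        if port != smtp_port or uid in allowed_uids:
            continue                             # not SMTP, or root/exim/mailman
        if allow_local and ip.startswith("127."):
            continue                             # local port 25: mail still passes through the MTA
        hits.append((uid, ip, STATES[f[3]]))
    return hits


if __name__ == "__main__":
    # Allowed UIDs are assumptions: 0 = root, 47 = exim, 41 = mailman.
    for uid, ip, state in direct_smtp(SAMPLE, allowed_uids={0, 47, 41}):
        print(f"uid {uid} -> {ip}:25 ({state}) bypasses the MTA")
```

On a live server, pass the contents of `/proc/net/tcp` and the real UIDs looked up with `pwd.getpwnam`; IPv6 sockets in `/proc/net/tcp6` are not covered here.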
     
  5. handsonhosting

    Hi Lloyd,

    Thanks for the feedback.

    Yeah, we've been experimenting with enabling that on a number of servers. We've had CSF running for quite some time on our machines, but that option has been marked as OFF as we weren't sure how it would affect other sites on the machine with eCommerce software sending mail etc.

    I guess at this point, we'll enable it and see if we are experiencing any differences.

    Never received anything from Ramprage yet, so I'll enable the other for the moment.

    Thanks again for the comments and the help toward a solution.
     
  6. linuxserverguy

    Apologies for digging up an old thread, but I was curious: did CSF help you in blocking the dm.cgi / dark.cgi scripts?
     
